
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS Stormcast Thursday, April 2nd, 2026: Script Removing ADS/MotW; Google Chrome 0-Day; iOS/iPadOS 18 Update
Apr 2, 2026
A PowerShell script that strips Windows mark-of-the-web to hide malicious files. A Google Chrome update that patches 21 vulnerabilities, including a WebGPU 0-day. An iOS/iPadOS security update that backports Darksword fixes to older devices. A CSRF flaw in ASUS routers that can allow remote reconfiguration.
Removing Mark Of The Web To Evade Detection
- Attackers remove the Windows zone identifier (Mark of the Web) to hide downloaded malicious files from analysts.
- Johannes Ullrich explains a malicious PowerShell script that writes a file, then strips its alternate data stream to reduce the chance of discovery.
Active Zero-Day In Chrome's WebGPU Component
- Google fixed 21 Chrome vulnerabilities including an actively exploited use-after-free in DAWN.
- DAWN implements WebGPU, and this isn't the first critical DAWN vulnerability targeted in the wild.
Update Older iPhones To iOS 18.7 Now
- Update iOS and iPadOS to 18.7 because Apple patched 25 vulnerabilities linked to the Darksword exploit.
- Johannes Ullrich notes that older devices, back to the iPhone XR, lack modern mitigations and are especially at risk.
